<?php
namespace app\http\middleware;

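class CheckAdmin
{
    /**
     * Admin authorization middleware.
     *
     * Rejects the request unless the session carries an admin id, then asks
     * the Auth service whether that admin may reach the requested
     * "controller/action" node. Sessions whose role is exactly 1 (int or
     * numeric string) are treated as super administrator and skip the
     * per-node check.
     *
     * @param \think\Request $request
     * @param \Closure $next
     * @return \think\Response the JSON rejection built here, or whatever $next returns
     */
    public function handle($request, \Closure $next)
    {
        // Login check: a missing or empty admin id means no authenticated admin.
        $adminId = session('admin_id');
        if (!$adminId) {
            // NOTE(review): 401 is carried in the JSON body only; no HTTP status is
            // passed to json() here — confirm clients and gateways do not rely on
            // the HTTP status line to detect an unauthenticated request.
            return json(['code' => 401, 'msg' => '请先登录']);
        }

        // Build the permission node as lower-cased "controller/action".
        // NOTE(review): the node carries no module/app prefix — confirm that
        // controller names are unique across every route group using this middleware.
        $controller = strtolower($request->controller());
        $action = strtolower($request->action());
        $auth = $controller . '/' . $action;

        // Super administrator bypass. Compare strictly: with a loose `!= 1`,
        // values such as boolean true, 1.0 or (before PHP 8) "1abc" also equal 1
        // and would skip the permission check. Anything other than int 1 or
        // string '1' now falls through to the Auth service (fail closed).
        $role = session('admin_role');
        $isSuperAdmin = $role === 1 || $role === '1';

        if (!$isSuperAdmin) {
            $authService = new \app\common\service\Auth();
            if (!$authService->check($adminId, $auth)) {
                return json(['code' => 403, 'msg' => '没有权限']);
            }
        }

        return $next($request);
    }
}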